From b5d1d302817d57e398fefae864efee403b59fb39 Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Thu, 23 May 2019 18:15:11 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=85=81=E8=AE=B8=E7=9A=84?= =?UTF-8?q?=E7=BD=91=E7=AB=99=E6=9D=A5=E6=BA=90=E5=9C=B0=E5=9D=80=E6=8C=87?= =?UTF-8?q?=E5=AE=9A=E5=8F=82=E6=95=B0=20shiro.allowReferers=20=E9=81=BF?= =?UTF-8?q?=E5=85=8D=E4=B8=80=E4=BA=9B=E8=B7=A8=E7=AB=99=E7=82=B9=E8=AF=B7?= =?UTF-8?q?=E6=B1=82=E4=BC=AA=E9=80=A0CSRF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 modules/core/src/main/resources/config/jeesite-core.yml | 4 ++++
 web/src/main/resources/config/application.yml | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/modules/core/src/main/resources/config/jeesite-core.yml b/modules/core/src/main/resources/config/jeesite-core.yml
index 55f99519..13b600e8 100644
--- a/modules/core/src/main/resources/config/jeesite-core.yml
+++ b/modules/core/src/main/resources/config/jeesite-core.yml
@@ -351,6 +351,10 @@ shiro:
 # 是否允许接收跨域的Cookie凭证数据
 # accessControlAllowCredentials: true
+ # 允许的网站来源地址,不设置为全部地址(避免一些跨站点请求伪造CSRF)
+# allowReferers: http://127.0.0.1,http://localhost
+# allowReferers: ~
+
 # 是否在登录后生成新的Session(默认false)
 isGenerateNewSessionAfterLogin: false
diff --git a/web/src/main/resources/config/application.yml b/web/src/main/resources/config/application.yml
index e72a8ff9..9a69f22e 100644
--- a/web/src/main/resources/config/application.yml
+++ b/web/src/main/resources/config/application.yml
@@ -391,6 +391,10 @@ logging:
 # # 是否允许接收跨域的Cookie凭证数据
 ## accessControlAllowCredentials: true
 #
+# # 允许的网站来源地址,不设置为全部地址(避免一些跨站点请求伪造CSRF)
+# allowReferers: http://127.0.0.1,http://localhost
+# allowReferers: ~
+#
 # # 是否在登录后生成新的Session(默认false)
 # isGenerateNewSessionAfterLogin: false
 #
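Review bot: The two commented `allowReferers` samples added in the jeesite-core.yml hunk read as two settings rather than as alternatives, and nothing says what the `~` line means; the same three lines are repeated in the application.yml hunk. Per the added comment, leaving the key unset accepts every source address, so an operator who uncomments both lines gets either a duplicate-key error or, on a last-wins parser, the null value and presumably no Referer restriction at all. I would keep a single example and spell out the default next to it, e.g. `# allowReferers: comma-separated allow-list of site addresses; unset or ~ = no Referer check (default)`. The comment should also say how a request that carries no Referer header is treated and whether entries are compared exactly or by prefix, since neither is visible in this patch.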